pf: Fix interface binding for af-to with route-to

States created by inbound af-to rules bypass outbound filtering and span
both the inbound and outbound interfaces. When the first packet for such rule
creates a state, this state has st->orig_kif set the original inbound interface
and kif set to V_pfi_all. When the outbound interface is eventually
known st->kif is updated to that interface. When not using route-to,
the outbound route and its interface are determined for the new address family
and st->kif is set to that interface. However when using route-to, ifp
is explicitely given and the code for updating st->kif is not run for
the first packet. When the returning packet matches the state, the code is
run but updates st->kif to the original inbound interface, which is now
the outbound interface. The state ends up with st->kif == st->orig_kif
and won't forward any more returning packets.

There is another block of code performing such update, but only for reply-to.

Perform the update of st->kif in a single place no matter if ifp was
explicitely given or found by routing lookup. For checks using pings
check if really all pings have been replied to, because a single reply
is enough to have ping exit with a successful exit code.

Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52445

(cherry picked from commit 42441d342071767f32cfe507466135dc79052a56)